This Confidentiality and Impartiality Policy sets forth the binding obligations of SAV Advisory Inc. (“SAV Advisory”) for maintaining the confidentiality of client information and ensuring the independence and impartiality of all certification activities.
SAV Advisory is committed to:
Absolute confidentiality of all information obtained during its operations.
Complete impartiality in decision-making, free from conflicts of interest or undue influence.
Full compliance with ISO/IEC 17021-1:2015, legal requirements, and accreditation body regulations.
This policy applies to all employees, subcontractors, committee members, and any person acting on behalf of SAV Advisory, and is enforceable through contractual agreements and strict compliance monitoring.
All information received by, or available to, SAV Advisory personnel—including staff, subcontractors, and committee members—in any format during:
Audit activities
Other certification activities
Any engagement with an organization for any reason
Shall be considered strictly confidential and shall not be disclosed to any third party except:
As required by ISO/IEC 17021-1:2015, or
With the express written consent of the concerned organization or individual.
Where disclosure is legally mandated, SAV Advisory shall, unless prohibited by law, notify the affected client or individual in advance of the intended disclosure.
If SAV Advisory identifies that an organization is:
Operating in violation of legal requirements, or
Engaging in practices that pose a danger to staff, customers, or the environment,
SAV Advisory reserves the right to report such matters to the relevant authority immediately, with top management’s authorization.
Records are stored securely, accessible only to authorized personnel via secure paper or password-protected electronic systems.
Subcontractors are limited to information they themselves generated during an audit.
Access is restricted to parties with a legitimate and legal right, including Accreditation Bodies.
All staff, subcontractors, CEOs, and committee members must sign a confidentiality agreement.
Subcontractors must sign an additional agreement affirming their responsibility to maintain confidentiality.
SAV Advisory Inc. is fully committed to conducting all certification activities in accordance with the principles of independence, impartiality, and integrity as required under ISO/IEC 17021-1.
We recognize that impartiality is essential to the credibility of the certification process, and therefore:
No Consultancy Influence – SAV Advisory does not offer or provide management system consultancy, internal audit services, or training that could compromise the impartiality of certification decisions.
No Conflict of Interest – We do not certify any organization where we have provided consultancy or internal audit services within the last two years, nor do we employ any personnel with direct or indirect conflicts of interest in the certification decision.
To further safeguard impartiality:
Certification decisions are taken independently by competent personnel.
Auditor assignments are based on objective criteria and subject to conflict-of-interest review.
Our processes prohibit any inducement or undue influence.
Oversight is provided by a governing committee with balanced external representation to ensure compliance with all legal, regulatory, and accreditation requirements.
SAV Advisory, its managers, staff, and subcontractors recognize and uphold the importance of impartiality in all certification activities. This includes:
Avoiding conflicts of interest.
Maintaining objective decision-making.
Demonstrating impartiality at all times.
Certificates are issued only after review by an independent, authorized, and competent management member who:
Was not involved in the audit.
Has no conflict of interest with the client.
SAV Advisory:
Does not provide internal audit services to certified clients.
Does not hold ownership or interest in other certification bodies.
Does not partner with consultancy firms that could compromise impartiality.
Does not assign auditors to clients they have had a relationship with in the past two years, unless approved under strict impartiality controls.
All personnel must declare current and prior business relationships that could present a conflict.
Individuals will be excluded from audits where impartiality cannot be guaranteed.
SAV Advisory enforces the following impartiality norms without exception:
No outsourcing of auditors to consultancy organizations.
No referral fees to consultancy organizations.
No specific standard implementation training for individual companies (all training is general).
No acceptance of gifts from clients or consultants.
No audits for organizations where auditors’ relatives hold decision-making roles.
No assignment of audits to individuals who have served the client within the past 2 years.
No compromise on audit time requirements.
No retention of client information beyond its intended use—must be returned after use.
Mandatory reporting of unethical practices.
Transparency in all dealings and records.
Strict disciplinary action for breaches, as decided by management in consultation with the Impartiality Committee.
All certification decisions are retained in-house and never outsourced.
Decisions are made by a competent Scheme Manager uninvolved in the audit.
All external relationships undergo risk assessment to ensure impartiality is never compromised.
Revenue from clients is recognized as a potential impartiality threat; robust controls are in place to mitigate it.
SAV Advisory identifies and mitigates the following risks:
Self-interest threats – personal or financial gain.
Self-review threats – reviewing one’s own work.
Familiarity threats – excessive trust with clients.
Intimidation threats – coercion or undue influence.
SAV Advisory affirms that:
All relationships with potential to affect impartiality have been risk assessed.
No existing relationships require additional mitigation.
This policy is binding on all SAV Advisory personnel and subcontractors.
The organization remains fully committed to:
Absolute confidentiality in all client dealings.
Complete impartiality and independence in certification activities.
Full compliance with ISO/IEC 17021-1:2015 and all accreditation requirements.
By partnering with SAV Advisory, you gain access to a team of experts dedicated to ensuring your business’s cyber health and compliance, allowing you to focus on achieving your business objectives.